Authorization Flaw in Spreadconnect by Spoddev2021
CVE-2025-53291

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Spreadconnect
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-53291?

The Spreadconnect plugin by Spoddev2021 has been identified with a missing authorization vulnerability that can lead to unauthorized access. This flaw affects versions up to 2.1.5, allowing potential attackers to manipulate access controls and gain privileges they should not have. It is crucial for users to update their plugins to the latest version to mitigate the risk associated with this vulnerability.

Affected Version(s)

Spreadconnect <= 2.1.5

References

https://patchstack.com/database/wordpress/plugin/wc-spod/...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Jun 27, 2025

Credit

ch4r0n (Patchstack Alliance)

WordPress

What is CVE-2025-53291?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit